On October 28, the National Data Protection Authority (“ANPD”, its acronym in Portuguese) approved a resolution regulating the Supervisory Proceeding, as well as the Sanctioning Administrative Proceeding within the scope of the Authority.
The regulatory framework is quite relevant, and mainly, signals to market agents that the ANPD is functioning and organizing itself institutionally to exercise its inspection activities, which include: (i) monitoring; (ii) orientation; (iii) prevention, and (iv) repression.
Despite this, no guidelines have been established yet, regarding the dosimetry of sanctions and the calculation of the base value for the application of penalties. This point should be clarified later on in a specific rule published by the ANPD, subject to prior public consultation. In addition, the new regulations safeguard the ANPD’s Board of Directors’ power to issue an Ordinance to establish the necessary complementary instructions.
Thus, in general, the new resolution seeks to address the duties of the regulated agents, as well as to determine procedural provisions relating to subpoenas, deadlines, communication, and the awareness of administrative acts from the authority.
Furthermore, the regulations provide for the ANPD’s inspection powers, which must comply with a series of premises provided for in the regulations, may be carried out (i) ex officio; (ii) as a result of periodic inspection programs; (iii) in a coordinated manner with public agencies and entities; or (iv) in cooperation with data protection authorities of other countries.
In relation to the ANPD’s acting areas in exercising this authority, it states that:
Regarding the administrative proceeding within the scope of the ANPD, the resolution establishes that the proceeding may be initiated ex officio, at the request of the Inspection Coordination, or as a result of a monitoring process. Additionally, the General Inspection Coordination may, through ex officio or upon request, make preliminary inquiries by means of a preparatory procedure, when the evidence of an infraction is not sufficient for the immediate opening of a sanctioning administrative proceeding. Once the instruction phase of the preparatory procedure is concluded, the General Inspection Coordination may close the procedure or initiate a sanctioning administrative procedure, without damage to the adoption of guidance and prevention measures, depending on the case.
After the infraction notice has been issued, the accused party may present its defense, add any evidence it deems necessary, or present closing arguments. After analyzing the records, the General Inspection Coordination will issue a final decision, which may be appealed to the ANPD Board of Directors.
In order to ensure the aforementioned action of the ANPD, the processing agents have the duty to provide information and documents, allow the authority access to facilities and equipment, be submitted to audits conducted or determined by the ANPD, and keep physical and digital documents during the periods determined legally or administratively. Furthermore, Law No. 9.874, which regulates the Administrative Proceeding, has subsidiary application.
Finally, it should be noted that the General Inspection Coordination Office may also receive Conduct Adjustment Declaration (“TAC”) requests, which have the effect of suspending any administrative proceedings in progress until the term is fully complied with, once the case has been dismissed.
The Resolution is already in effect and can be accessed here. The first monitoring period will begin in January 2002.